<?php
/**************************************************************************************************
|
| AudioShare - Audio Sharing Script
| http://www.audiosharescript.com
| webmaster@audiosharescript.com
| Version: 2.0
|
|**************************************************************************************************
|
| By using this software you agree that you have read and acknowledged our End-User License 
| Agreement available at http://www.audiosharescript.com/eula.html and to be bound by it.
|
| Copyright (c) 2009 AudioShareScript.com. All rights reserved.
|**************************************************************************************************/

include("../include/config.php");
include_once("../include/functions/import.php");
include_once("../include/functions/admin.php");
// Access-control gate for this admin page: it runs before any of the handler code below.
// verify_login_admin() is not defined in this file (presumably it comes from one of the includes above).
// NOTE(review): confirm it ends the request (redirect + exit) for non-admin sessions -- nothing
// further down re-checks the caller's privileges before messages are written and mailed.
verify_login_admin();

/**
 * Fetch every member as a (USERID, username) row, sorted by username ascending.
 *
 * The statement is a fixed string with no request data in it, so nothing needs escaping here.
 *
 * @return mixed Whatever getrows() yields on the result of $conn->execute()
 *               (presumably a list of associative rows -- confirm against the DB layer).
 */
function insert_get_all_members()
{
	global $config, $conn;

	$memberlist = $conn->execute("select USERID,username from members order by username asc");

	return $memberlist->getrows();
}

// Send Message Begin
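/**
 * Store a private message (inbox copy + sent copy) and e-mail the recipient a notification.
 *
 * Nothing is written or mailed unless both ids are non-empty and numeric. The notification
 * is only sent when the messages_sent insert reports at least one affected row and the
 * recipient lookup returns an e-mail address.
 *
 * @param string $sendmessagesubjectz Message subject; tags are stripped and the rest entity-encoded before storage.
 * @param string $sendmessagetextz    Message body; same treatment as the subject.
 * @param mixed  $userid              USERID of the sender (numeric).
 * @param mixed  $profileid           USERID of the recipient (numeric).
 * @return void
 */
function send_message($sendmessagesubjectz,$sendmessagetextz,$userid,$profileid)
{
	global $conn, $config;

	// Stored form: HTML tags removed, remaining text entity-encoded.
	// NOTE(review): the caller in this file already runs both values through escape(); if that
	// helper also encodes or slash-escapes, the stored text ends up double-escaped -- confirm.
	$sendmessagesubjectz = htmlentities(strip_tags($sendmessagesubjectz), ENT_QUOTES, 'UTF-8');
	$sendmessagetextz = htmlentities(strip_tags($sendmessagetextz), ENT_QUOTES, 'UTF-8');

	if ($userid == "" || !is_numeric($userid) || $profileid == "" || !is_numeric($profileid))
	{
		return;
	}

	// NOTE(review): mysql_real_escape_string() was removed in PHP 7 and escapes for the default
	// mysql link, which may not be the connection $conn uses. It is kept because the DB layer's
	// bound-parameter API is not visible from this file; prefer placeholders once confirmed.
	$columns = "MSGTO='".mysql_real_escape_string($profileid)."', MSGFROM='".mysql_real_escape_string($userid)."', subject='".mysql_real_escape_string($sendmessagesubjectz)."', message='".mysql_real_escape_string($sendmessagetextz)."', time='".time()."'";
	$conn->execute("INSERT INTO messages_inbox SET ".$columns);
	$conn->execute("insert into messages_sent set ".$columns);

	// Reflects only the most recent statement (the messages_sent insert).
	if (mysql_affected_rows() < 1)
	{
		return;
	}

	// Array keys are quoted: the bare words email/username were undefined constants,
	// which is a notice on PHP 5 and a fatal error on PHP 8.
	$executequery = $conn->execute("SELECT email,username FROM members WHERE USERID='".mysql_real_escape_string($profileid)."'");
	$sendtotempemail = $executequery->fields['email'];
	$sendtotemp = $executequery->fields['username'];

	// No such recipient (or no address on file): there is nobody to notify.
	if ($sendtotempemail == "")
	{
		return;
	}

	$executequery = $conn->execute("SELECT email,username FROM members WHERE USERID='".mysql_real_escape_string($userid)."'");
	$tempemail = $executequery->fields['email'];
	$tempusername = $executequery->fields['username'];

	$sendername = $config['site_name'];
	$from = $config['site_email'];

	$executequery = $conn->execute("SELECT * FROM sendmail WHERE EID='newmessage'");
	// The sender's username is member-controlled and lands in a mail header:
	// drop CR/LF so it cannot start a new header line.
	$subject = str_replace(array("\r", "\n"), " ", $executequery->fields['subject']." ".$tempusername);

	// Everything interpolated into the HTML body is encoded for HTML context.
	// double_encode=false leaves values that are already entity-encoded in the database unchanged.
	$inboxlink = htmlspecialchars($config['baseurl']."/myinbox.php", ENT_QUOTES, 'UTF-8', false);
	$recipientname = htmlspecialchars($sendtotemp, ENT_QUOTES, 'UTF-8', false);
	$authorname = htmlspecialchars($tempusername, ENT_QUOTES, 'UTF-8', false);

	$sendmailbody = "<html>";
	$sendmailbody .= $recipientname.", you just received a new message from $authorname. To view this message, click here:<br>";
	$sendmailbody .= "<a href=\"$inboxlink\">$inboxlink</a><br><br>";
	$sendmailbody .= "If you cannot click the link, then visit this url:<br>";
	$sendmailbody .= $inboxlink."<br><br>";
	$sendmailbody .= "$sendername";
	$sendmailbody .= "</html>";

	// mailme() is defined outside this file; NOTE(review): confirm it validates the
	// recipient address and header fields on its side as well.
	mailme($sendtotempemail, $sendername, $from, $subject, $sendmailbody, "");
}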
// Send Message End

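// Handle the submitted "send message" form: validate, then deliver to one member or to all.
// NOTE(review): no anti-CSRF token is checked in this handler, and one request can message
// every member; confirm whether verify_login_admin() or the form template covers that.
// NOTE(review): the gate is on $_POST but the fields are read from $_REQUEST, so they can
// also arrive via query string or cookies; narrow to $_POST once the form is confirmed to post them.
if (isset($_POST['submitform']) && $_POST['submitform'] == "1")
{
	// Explicit defaults: $addtosql is concatenated straight into a query below, so it must never
	// be inherited from an include or, on legacy register_globals setups, from the request.
	$error = "";
	$addtosql = "";

	$TOUSERID = isset($_REQUEST['TOUSERID']) ? intval($_REQUEST['TOUSERID']) : 0;
	$FROMUSERID = isset($_REQUEST['FROMUSERID']) ? intval($_REQUEST['FROMUSERID']) : 0;
	// escape() is defined outside this file; send_message() applies its own encoding and
	// SQL escaping again -- NOTE(review): check for double escaping of stored text.
	$subject = escape(isset($_REQUEST['subject']) ? $_REQUEST['subject'] : "");
	$msg = escape(isset($_REQUEST['msg']) ? $_REQUEST['msg'] : "");
	$active = isset($_REQUEST['active']) ? $_REQUEST['active'] : "";
	$verified = isset($_REQUEST['verified']) ? $_REQUEST['verified'] : "";

	// A sender id of 0 means "nothing selected"; negative ids cannot be valid members either.
	if ($FROMUSERID <= 0)
	{
		$error = "Error: Please select a user to send the message from.";
	}
	elseif ($subject == "")
	{
		$error = "Error: Please enter a subject.";
	}
	elseif ($msg == "")
	{
		$error = "Error: Please enter a message.";
	}

	if ($error == "")
	{
		if ($TOUSERID === 0)
		{
			// Recipient 0 = broadcast. The filters are fixed SQL fragments chosen by
			// the presence of a checkbox value; no request text reaches the query.
			if ($active != "")
			{
				$addtosql .= " AND status='1'";
			}
			if ($verified != "")
			{
				$addtosql .= " AND verified='1'";
			}

			$query = "SELECT USERID FROM members WHERE USERID>='0' $addtosql";
			$results = $conn->execute($query);
			$returnthis = $results->getrows();
			foreach ($returnthis as $memberrow)
			{
				send_message($subject, $msg, $FROMUSERID, $memberrow['USERID']);
			}
		}
		else
		{
			send_message($subject, $msg, $FROMUSERID, $TOUSERID);
		}

		// The old text said "Edited", which does not match what this page does.
		$message = "Message Successfully Sent.";
		Stemplate::assign('message',$message);
	}
	else
	{
		Stemplate::assign('error',$error);
	}
}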

// Menu position handed to the admin templates.
// Presumably global_header.tpl uses it to mark the active entry -- confirm there.
$mainmenu = '10';
$submenu = '1';
Stemplate::assign('mainmenu', $mainmenu);
Stemplate::assign('submenu', $submenu);

// Render the page: shared header, the send-message form, shared footer (order matters).
STemplate::display('administrator/global_header.tpl');
STemplate::display('administrator/messages_send.tpl');
STemplate::display('administrator/global_footer.tpl');
?>